I created a cgi file (test.cgi) which takes user input and shows at the bottom of test.cgi. I want the result to be saved on test.cgi or to some other .html or .cgi file until and unless it is changed by another user; so if someone goes to http://127.0.0.1/test.html they would be able to see the last saved action.
Here's my code
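Code:
#!/usr/bin/perl
use strict;
use warnings;
use CGI qw(:standard);

# Emit the HTTP header, then the form.
print header;
print start_html('Test Form'),
    h1('A Test Form'),
    start_form,
    "What's your name? ", textfield('name'),
    p,
    "What's your favorite mail client?",
    p,
    checkbox_group(-name     => 'words',
                   -values   => ['mutt','mail','pico','sylpheed'],
                   -defaults => ['mutt','mail']),
    p,
    "What's your favorite editor? ",
    popup_menu(-name   => 'editor',
               -values => ['emacs','vi','ed','cat']),
    p,
    submit,
    end_form,
    hr;

# On submission, echo the values back. em() does not escape its content,
# so each value goes through escapeHTML before it reaches the page.
# multi_param is the list accessor in current CGI.pm releases.
if (param()) {
    print
        "Your name is ", em(CGI::escapeHTML(scalar param('name'))),
        p,
        "The keywords are: ",
        em(CGI::escapeHTML(join(", ", CGI::multi_param('words')))),
        p,
        "Your favorite editor is ", em(CGI::escapeHTML(scalar param('editor'))),
        hr;
}
print end_html;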
You could open a filehandle and print to the filehandle the HTML code you need to display the content, including the current values of the variables. See perldoc perlfunc => "open". The HTML file should reside outside of the cgi-bin and be included in a frame i.e. It is a big security risk to make the cgi-bin writable for web users on production servers. Good luck, r
j-ray's reply seems a little confusing but essentially correct. As I see it, the security risk is in using the Perl module to write the form. A normal HTML page (not in cgi-bin) is better. Then a parsing script to take the post data and write it to any file (again not a .htm file, even though it may contain HTML code) using the open statement as j-ray suggested. This file should have a weird extension that the web server won't recognise and even a hacker won't understand. Then use JavaScript to insert it into a webpage.
Of course, this assumes that you have a good knowledge of Perl and JavaScript. But that is what security is all about. Forms will always be dangerous when used by novice and even quite well experienced programmers. Why don't I like Perl modules? Because they are not needed and can expose you to security risks when you are not familiar with the inner workings.
The most important security check is to ensure that the form data really did come from the form on your server and not from somewhere else. Also that it contains ONLY the normal text that you expect, and not programming code!
Security is a pain, or fun to implement, depending on your frame of mind. Until you get the hang of it, stay on 127.0.0.1 !!!
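Added example (not code from the thread): a Perl handler for the form above that follows j-ray's suggestion of writing an HTML file outside cgi-bin, after checking each field against what the form can produce and escaping it. The output directory, the RESULT_DIR variable, the file name last.html and the name pattern are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI ();
use File::Temp qw(tempfile);

# Assumed location: web-served directory outside cgi-bin (override: RESULT_DIR).
my $DIR = $ENV{RESULT_DIR} || '/var/www/html/results';
# Allowlists copied from the form's checkbox_group and popup_menu values.
my %CLIENT = map { $_ => 1 } qw(mutt mail pico sylpheed);
my %EDITOR = map { $_ => 1 } qw(emacs vi ed cat);

# Returns a hashref of accepted values, or undef if any field is unexpected.
sub validate {
    my ($name, $words, $editor) = @_;
    # Assumed policy for names: 1-64 ASCII letters, digits, space, . ' -
    return unless defined $name && $name =~ /\A[A-Za-z0-9 .'-]{1,64}\z/;
    return unless defined $editor && $EDITOR{$editor};
    return if grep { !$CLIENT{$_} } @$words;
    return { name => $name, words => [@$words], editor => $editor };
}

# Builds the static page; values are escaped even though they were validated.
sub render {
    my ($v) = @_;
    my @row = ([ 'Name', $v->{name} ], [ 'Editor', $v->{editor} ],
               [ 'Mail clients', join(', ', @{ $v->{words} }) ]);
    my $body = '';
    $body .= "<p>$_->[0]: <em>" . CGI::escapeHTML($_->[1]) . "</em></p>\n" for @row;
    return "<!DOCTYPE html>\n<title>Last result</title>\n$body";
}

# Temp file plus rename: a reader never sees a half-written page.
sub publish {
    my ($html) = @_;
    my ($fh, $tmp) = tempfile(DIR => $DIR);
    print {$fh} $html;
    close $fh or die "close: $!";
    chmod 0644, $tmp or die "chmod: $!";
    rename $tmp, "$DIR/last.html" or die "rename: $!";
}

unless (caller) {    # executed as the CGI handler
    my $q = CGI->new;
    my $v = validate(scalar $q->param('name'), [ $q->multi_param('words') ],
                     scalar $q->param('editor'));
    publish(render($v)) if $v;
    print $q->header(-status => $v ? '200 OK' : '400 Bad Request');
}
```

This covers the content check and the write location only; confirming that a submission came from your own form needs a per-session token on top of it.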